לוח משרות דרושים DevSecOps Engineer

we are looking for a Platform Security Engineer.
As a dedicated Platform Security Engineer, you will bridge the gap between code and infrastructure to build a fortress around our creators' content.
Youll spend your time defining and implementing high-level security processes while rolling up your sleeves to fix vulnerabilities alongside our DevOps team. From architecting DSPM strategies for massive distributed video data to hardening our SDLC, you will be the ultimate owner of our security posture. You wont just be monitoring dashboards; youll be collaborating directly with developers to ensure security is a fundamental part of our engineering.

We are looking for people who are passionate about leading technology to the extreme.
If you are striving to develop an innovative product, make an impact, and work with the industrys brightest talent as part of one of the fastest-growing and successful startups around - where you want to be!
As part of the Security Cloud Engineering team, youll do the following:
Promote a strong security culture using security-driven awareness and best practices for continual security improvement across the business.
Ensure that security countermeasures, mitigations, and containment strategies are implemented on both infrastructure and applications.
Leverage AI within the DevOps and DevSecOps landscapes to maximize security ROI while driving innovation across the global company.
Secure and optimize our cloud services, to ensure robust security and compliance.
Establish and enforce DevSecOps best practices within our CI/CD pipelines and automation processes.
Automate the deployment of security controls and processes to ensure consistent and scalable protection for all security layers.
Develop and implement strategies for proactive threat detection and risk mitigation.
Collaborate with Security, Engineering, and DevOps teams to define and execute security strategy.

We are KPMG's technology arm in Israel. KPMG delves headfirst into the power of emerging technologies and scientific breakthroughs to craft solutions, projects, and products for companies facing complex business challenges in today's continuously changing world. By uniting groundbreaking technology with industry expertise, we are able to harness the potential of cloud, AI, ML, digital, and cyber to design and implement top-of-the-line tailored solutions. The Cyber & Cloud Security Department is seeking a Cloud Security Engineer for a challenging role that includes ongoing on?site work with a client. The role includes:
* Responsibility for establishing, maintaining, supporting, and securing critical cloud infrastructures, with a strong focus on sensitive and secured environments – Azure Cloud
* Design and implementation of secure cloud infrastructures – including working with Infrastructure as Code (IaC) practices
* Operational maintenance of computing systems, servers, and infrastructure components in a secured environment
* Using IaC tools such as Terraform / Bicep / ARM Templates for infrastructure management, automation, and standardization
* Ongoing collaboration with client teams, including hands?on on?site support – supporting cloud and system infrastructures
* Performing security updates, hardening, and upgrades in secured environments
* Integrating and implementing new Azure services into existing infrastructures
* Writing and maintaining procedures, professional reports, and technical documentation
* Working with various operating systems (Windows / Linux)

תת מחלקה:
יעוץ סייבר ואבטחת מידע

We're on a mission to redefine vehicle safety and reliability on a global scale. Founded in 2016, we have pioneered the world's first fully automated suite of vehicle inspection systems. At the heart of this innovation lies our advanced AI-centric technology, representing the pinnacle of computer vision, Machine Learning, and generative AI within the automotive sector.
With over $380M in funding and strategic partnerships with industry giants such as Toyota, Amazon, General Motors, Volvo, and Hertz, our technology is utilized in manufacturing plants, dealerships, wholesale auctions, delivery fleets, seaports, and more. Our growing global team of over 200 employees is committed to creating a workplace that celebrates diversity, encourages teamwork, and strives for excellence.
We seek a dedicated and proactive Senior SecOps Engineer to join our InfoSec team and take ownership of all security-related tasks across the organization. In this role, you will be key in aligning security goals with infrastructure, R&D and IT requirements. You will be responsible for integrating security into our CI/CD pipelines, managing cloud infrastructure security, ensuring compliance with security standards, and protecting our infrastructure from vulnerabilities.
A day in the life and how youll make an impact:
* Implement and manage security tools such as static code analysis, cloud posture monitoring, and penetration testing tools.
* Embed security into the DevOps lifecycle, including CI/CD pipelines, IaC (Infrastructure as Code), and software development workflows.
* Design and enforce security policies for cloud architecture, ensuring secure configurations and monitoring.
* Lead incident response activities, vulnerability management, and forensic investigations to mitigate threats.
* Drive compliance efforts (ISO 27001, SOC 2, GDPR, etc.) and audit readiness for the organization.
* Work closely with stakeholders ( CISO, COO, system Architects, DevOps, IT, Finance, HR, etc) to identify requirements and prioritize security needs.
* Continuously monitor systems and infrastructure for vulnerabilities, intrusions, and misconfiguration.
* Perform or manage penetration testing initiatives to identify security weaknesses.

We are seeking a talented Senior DevSecOps Engineer / Security Architect to act as the primary security owner and focal point for the Velocity R&D organization. The ideal candidate will possess a background in IT and security platforms, strong coding skills, the ability to independently learn new technologies, an unwavering commitment to quality, a collaborative work ethic, and a profound passion for securing complex infrastructures.
Main Responsibilities:
Security Strategy & Architecture
Own and continuously improve Velocitys overall security posture, including risk assessment, prioritization, and long-term planning.
Design and guide secure architectures for new and existing systems and features, aligned with best practices and compliance requirements.
Lead threat modeling efforts and drive proactive validation against emerging attack techniques.
Evaluate, introduce, and develop security solutions tailored to Velocitys environment.
Design and implement security controls for emerging technologies, including agentic AI systems, addressing risks such as misuse, data leakage, and adversarial manipulation.
Security Engineering & DevSecOps
Embed security across the development lifecycle, including CI/CD pipelines, infrastructure, and application layers.
Enhance logging, auditing, and detection capabilities, and design detection strategies tailored to the platform.
Own and optimize security tooling, ensuring strong integration, visibility, and coverage across systems.
Incident Response & Operations
Investigate and respond to security incidents and alerts, leveraging deep system understanding.
Perform root cause analysis and drive improvements to prevent recurrence.
Collaboration & Enablement
Partner closely with R&D, IT, Product, and the CISO to ensure secure design and day-to-day operations.
Support compliance initiatives (e.g., SOC 2) and security reviews with internal and external stakeholders.
Assist in customer-facing security processes, including questionnaires and evaluations.
Promote security awareness and provide guidance across the organization.

You will join our Cyber Security Operations team and play a key role in protecting our cloud-native and enterprise environments. In this hands-on role, youll design, implement, and operate security controls across AWS, Kubernetes, CI/CD pipelines, and identity systems.
Youll lead incident response efforts, build security automation, and drive continuous improvement of our detection and prevention capabilities in a fast-paced, highly technical environment.
The day-to-day:
Own and enhance security for large-scale AWS environments (IAM, VPC, CloudTrail, GuardDuty, EKS, S3).
Build and operate threat detection, incident response, and DFIR processes across cloud, Kubernetes, identity, and SaaS platforms.
Design and implement security automation for access control, cloud hygiene, incident response, and SIEM workflows.
Drive DevSecOps initiatives, securing CI/CD pipelines and enabling shift-left security.
Develop and tune SIEM detections, threat hunting queries, and automated remediation pipelines.
Manage identity, access, and Zero Trust / ZTNA architectures using IdP, SSO, RBAC, and federation.
Simulate real-world attacks and perform vulnerability discovery to validate security controls.

We are seeking a skilled DevSecOps Engineer to integrate security practices within our software development lifecycle (SDLC) while ensuring seamless CI/CD pipeline implementation and automation. The ideal candidate will have proven experience in DevSecOps or a similar role, with a deep understanding of both development and security principles.
Place of employment: central.
Scope of hours: full-time job.

we are looking for a SecOps Engineer.
This is a full-time on-site role located in Haifa for a SecOps professional.
The responsibilities include maintaining and optimizing security operations, identifying and mitigating potential vulnerabilities, implementing security monitoring solutions, and responding to security incidents. The role involves working collaboratively with cross-functional teams to ensure the deployment of robust security measures and policies across systems and infrastructures.

Required DevSecOps Engineer
What we do:
Our DevOps team is responsible for the platforms end-to-end, from cloud infrastructure to production delivery. We build and operate the systems that enable engineering teams to move fast and safely, while ensuring high standards of reliability, security, performance, and scalability. Through automation, strong architecture, and secure-by-design practices, we continuously improve how we deploy, monitor, and protect our production environments.
What you will be doing:
As the sole DevSecOps owner within the DevOps team, you will take end-to-end responsibility for improving the security of our cloud and production environments. You will design and implement security controls across AWS/GCP- from hardening infrastructure and securing Kubernetes to ensure our platform stays secure as it scales.
You will work closely with cross-functional teams such as DevOps, R&D, Product, and Data to embed security into the way we build software. This role is ideal for someone who wants to make a real impact, takes ownership of cross-team initiatives, is curious and eager to learn, and enjoys driving improvements that raise the security bar across the company.
This is a hybrid role, requiring 2 days per week at our R&D site in Tel Aviv.
Responsibilities:
Architect, implement, and maintain a strong security posture across cloud environments (AWS / GCP), aligned with best practices (CIS Benchmarks, Well-Architected Framework)
Own and integrate automated security controls into CI/CD pipelines (SAST, DAST, SCA, container scanning), including tuning to reduce noise and enforce policy gates
Secure Infrastructure as Code (IaC) and harden servers, services, and Kubernetes clusters
Design and manage IAM, roles, policies, and secrets management to enforce Least Privilege
Lead security initiatives around emerging technologies, including AI models, LLM integrations, and data pipelines
Continuously monitor and drive remediation of vulnerabilities and security findings across the stack
Partner with Developers and Data Engineers to embed security into the SDLC and strengthen security culture
Support security operations, including incident response and root cause analysis.

We are seeking a skilled and motivated DevSecOps Engineer to integrate security practices into our DevOps pipeline, ensuring secure software development, deployment, and infrastructure.
You will automate and own security tooling, Integrate SAST, DAST, container/IaC scans, and secret detection into our CI/CD, continuously improving the stack. Harden application security, embed secure-coding best practices, OWASP Top-10 defenses, and threat modeling throughout the SDLC. Raise cloud security standards, keep our cloud environments aligned with best practice to mitigate any risk.
Key Responsibilities:
Secure CI/CD Pipelines: Integrate security into continuous integration and delivery workflows (CI/CD).
Automation & Tooling: Implement and manage tools for static and dynamic code analysis (SAST, DAST), software composition analysis (SCA), and secrets management.
Cloud Security: Ensure infrastructure-as-code (IaC) and cloud deployments (e.g., AWS, Azure, GCP) are secure and compliant.
Monitoring & Incident Response: Set up security monitoring and logging; support incident response and forensic analysis.
Policy & Compliance: Work with compliance teams to enforce standards such as ISO 27001, SOC 2, NIST, or HIPAA, depending on your environment.
Collaboration: Serve as a bridge between development, operations, and security to ensure alignment and shared responsibility for security.

Our Security team is looking for a highly skilled and security-savvy Application Security Engineer to lead our product and application security efforts. In this role, you will drive security design, ensure secure coding practices, and validate our services and environments against the highest security standards.

You will work closely with our R&D and Product teams to identify, mitigate, and prevent security risks throughout the software development lifecycle (SDLC). As a senior engineer, you will own security initiatives, mentor developers on security best practices, and play a key role in shaping the security posture of our products.

The ideal candidate is highly motivated, eager to learn, and has a security by design mindset. This role provides career growth opportunities, enabling you to deepen your expertise in AppSec, DevSecOps, and cloud security.

What you'll do:
Partner with development and product teams to integrate security best practices into the SDLC.
Lead threat modeling and architecture security reviews to proactively identify and mitigate risks.
Conduct security assessments, including code reviews, vulnerability scans, penetration testing, and secure product design reviews.
Stay up to date with emerging security threats, vulnerabilities, and industry trends, ensuring we remain ahead of evolving risks.
Support and contribute to security incident response activities, including root cause analysis and post-incident improvements.
Automate security processes and integrate security tools within CI/CD pipelines.
Develop and deliver secure coding training to engineering teams.

Realize your potential by joining the leading performance-driven advertising company!
The ideal candidate will bridge high-level security governance with hands-on, automated security implementation across the Software Development Life Cycle (SDLC).
This individual will be a critical enabler, empowering teams to move swiftly and deliver exceptional value to our clients, all while upholding the required security standards. A proven track record in successfully balancing rapid innovation with robust security practices is essential for this role.
How youll make an impact:
As the DevSecOps Engineer, you will be responsible for creating a secure-by-design culture and leading the operational implementation of our security strategy. You will:
Build the Secure SDLC (SSDLC) Strategy: Develop, own, and execute the companys comprehensive DevSecOps strategy, focusing on automation to manage security at scale from code check-in to production deployment.
Lead Key Security Engineering Initiatives: Lead and manage security engineering programs, including:
Maturing the security tools stack (e.g., implementing WAF, and automating SCA/SAST tools).
Owning the bug bounty and responsible disclosure programs triage and remediation tracking.
Enhancing the Identity and Access Management (IAM) framework through concepts like Just-In-Time (JIT) and Zero Trust principles.
Operationalize CVE Tracking and Remediation: Design and implement a scalable system for discovering, tracking, and prioritizing Common Vulnerabilities and Exposures (CVEs) in third-party and custom code. Drive the engineering teams to achieve security risk remediation goals by providing clear, actionable data and automated patching mechanisms.
Measure & Drive Improvement: Develop and maintain key DevSecOps metrics (e.g., Mean Time To Detect/Remediate - MTTD/MTTR, percentage of code coverage by SAST/SCA tools) to measure the effectiveness of automated controls and provide a data-driven picture of the application security posture.
Embed Security Engineering: Spearhead R&D DevSecOps initiatives, partnering directly with engineering teams to select, deploy, and maintain security tools, establishing security gates and best practices throughout the product development lifecycle.

Realize your potential by joining the leading performance-driven advertising company!
The ideal candidate will bridge high-level security governance with hands-on, automated security implementation across the Software Development Life Cycle (SDLC).
This individual will be a critical enabler, empowering teams to move swiftly and deliver exceptional value to our clients, all while upholding the required security standards. A proven track record in successfully balancing rapid innovation with robust security practices is essential for this role.
How youll make an impact:
As the DevSecOps Engineer, you will be responsible for creating a secure-by-design culture and leading the operational implementation of our security strategy. You will:
Build the Secure SDLC (SSDLC) Strategy: Develop, own, and execute the companys comprehensive DevSecOps strategy, focusing on automation to manage security at scale from code check-in to production deployment.
Lead Key Security Engineering Initiatives: Lead and manage security engineering programs, including:
Maturing the security tools stack (e.g., implementing WAF, and automating SCA/SAST tools).
Owning the bug bounty and responsible disclosure programs triage and remediation tracking.
Enhancing the Identity and Access Management (IAM) framework through concepts like Just-In-Time (JIT) and Zero Trust principles.
Operationalize CVE Tracking and Remediation: Design and implement a scalable system for discovering, tracking, and prioritizing Common Vulnerabilities and Exposures (CVEs) in third-party and custom code. Drive the engineering teams to achieve security risk remediation goals by providing clear, actionable data and automated patching mechanisms.
Measure & Drive Improvement: Develop and maintain key DevSecOps metrics (e.g., Mean Time To Detect/Remediate - MTTD/MTTR, percentage of code coverage by SAST/SCA tools) to measure the effectiveness of automated controls and provide a data-driven picture of the application security posture.
Embed Security Engineering: Spearhead R&D DevSecOps initiatives, partnering directly with engineering teams to select, deploy, and maintain security tools, establishing security gates and best practices throughout the product development lifecycle.